From c903400bacc9306217d2ac560bf4f843cdc975d1 Mon Sep 17 00:00:00 2001 From: iadgovuser58 <124906646+iadgovuser58@users.noreply.github.com> Date: Thu, 18 Apr 2024 12:27:44 -0400 Subject: [PATCH] spdm processing --- .../events/DeviceSecurityEventDataHeader.java | 46 +++++++++- .../hirs/utils/tpm/eventlog/spdm/SpdmHa.java | 85 +++++++++++++++++++ 2 files changed, 127 insertions(+), 4 deletions(-) create mode 100644 HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java index 36671287..c7d5f344 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java @@ -2,6 +2,7 @@ package hirs.utils.tpm.eventlog.events; import hirs.utils.HexUtils; import hirs.utils.tpm.eventlog.TcgTpmtHa; +import hirs.utils.tpm.eventlog.spdm.SpdmHa; import hirs.utils.tpm.eventlog.uefi.UefiConstants; import lombok.Getter; @@ -113,6 +114,19 @@ public class DeviceSecurityEventDataHeader { @Getter private String devicePath = ""; + /** + * Device Security Event Data Device Type = no device type. + */ + public static final int DEVICE_TYPE_NONE = 0; + /** + * Device Security Event Data Device Type = DEVICE_TYPE_PCI. + */ + public static final int DEVICE_TYPE_PCI = 1; + /** + * Device Security Event Data Device Type = DEVICE_TYPE_USB. + */ + public static final int DEVICE_TYPE_USB = 2; + /** ----------- Variables specific to Header Type 1 ----------- // /** // * Type Header 1 event data length. @@ -140,10 +154,9 @@ public class DeviceSecurityEventDataHeader { * @param dSEDbytes byte array holding the DeviceSecurityEventData. */ public DeviceSecurityEventDataHeader(final byte[] dSEDbytes) { -// algList = new ArrayList<>(); + byte[] signatureBytes = new byte[UefiConstants.SIZE_16]; System.arraycopy(dSEDbytes, 0, signatureBytes, 0, UefiConstants.SIZE_16); - //signature = HexUtils.byteArrayToHexString(signatureBytes); signature = new String(signatureBytes, StandardCharsets.UTF_8) .substring(0, UefiConstants.SIZE_15); @@ -161,13 +174,13 @@ public class DeviceSecurityEventDataHeader { System.arraycopy(dSEDbytes, UefiConstants.OFFSET_20, spdmHashAlgoBytes, 0, UefiConstants.SIZE_4); int h1SpdmHashAlgoInt = HexUtils.leReverseInt(spdmHashAlgoBytes); - h1SpdmHashAlgo = "to do - get hash alg"; + h1SpdmHashAlgo = SpdmHa.tcgAlgIdToString(h1SpdmHashAlgoInt); byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4]; System.arraycopy(dSEDbytes, UefiConstants.OFFSET_24, deviceTypeBytes, 0, UefiConstants.SIZE_4); int deviceTypeInt = HexUtils.leReverseInt(deviceTypeBytes); - deviceType = "to do - get device type"; + deviceType = deviceTypeToString(deviceTypeInt); // // byte[] numberOfAlgBytes = new byte[UefiConstants.SIZE_4]; @@ -190,6 +203,31 @@ public class DeviceSecurityEventDataHeader { // } } + /** + * Returns the device type via a lookup. + * Lookup based upon section 10.2.7.2, Table 19, in the PFP 1.06 v52 spec. + * + * @param deviceTypeInt int to convert to string + * @return name of the device type + */ + public String deviceTypeToString(final int deviceTypeInt) { + String deviceTypeStr; + switch (deviceTypeInt) { + case DEVICE_TYPE_NONE: + deviceTypeStr = "No device type"; + break; + case DEVICE_TYPE_PCI: + deviceTypeStr = "PCI"; + break; + case DEVICE_TYPE_USB: + deviceTypeStr = "USB"; + break; + default: + deviceTypeStr = "Unknown or invalid Device Type"; + } + return deviceTypeStr; + } + /** * Returns a human readable description of the data within this event. * diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java new file mode 100644 index 00000000..ce6a2fb1 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java @@ -0,0 +1,85 @@ +package hirs.utils.tpm.eventlog.spdm; + +import hirs.utils.HexUtils; +import lombok.AccessLevel; +import lombok.NoArgsConstructor; + +/** + * Class for defining constants referenced in the DMTF + * SPDM specification. + */ +@NoArgsConstructor(access = AccessLevel.PRIVATE) +public class SpdmHa { + + + /** + * ------------------- SPDM Spec: MeasurementHashAlgo ------------------- + * SPDM 1.3.0, Table 21 + */ + /** + * Spdm Hash Alg = Raw bit stream + */ + public static final int TPM_ALG_RAW = 1; + /** + * Spdm Hash Alg = TPM_ALG_SHA_256. + */ + public static final int TPM_ALG_SHA_256 = 2; + /** + * Spdm Hash Alg = TPM_ALG_SHA_384. + */ + public static final int TPM_ALG_SHA_384 = 4; + /** + * Spdm Hash Alg = TPM_ALG_SHA_512. + */ + public static final int TPM_ALG_SHA_512 = 8; + /** + * Spdm Hash Alg = TPM_ALG_SHA3_256. + */ + public static final int TPM_ALG_SHA3_256 = 16; + /** + * Spdm Hash Alg = TPM_ALG_SHA3_384. + */ + public static final int TPM_ALG_SHA3_384 = 32; + /** + * Spdm Hash Alg = TPM_ALG_SHA3_512. + */ + public static final int TPM_ALG_SHA3_512 = 64; + + /** + * Returns the hash name via a lookup. + * Lookup based upon section 10.4 for the SPDM v1.03 document. + * + * @param algId int to convert to string + * @return name of the algorithm + */ + public static String tcgAlgIdToString(final int algId) { + String alg; + switch (algId) { + case TPM_ALG_RAW: + alg = "Raw Bit Stream"; + break; + case TPM_ALG_SHA_256: + alg = "TPM_ALG_SHA_256"; + break; + case TPM_ALG_SHA_384: + alg = "TPM_ALG_SHA_384"; + break; + case TPM_ALG_SHA_512: + alg = "TPM_ALG_SHA_512"; + break; + case TPM_ALG_SHA3_256: + alg = "TPM_ALG_SHA3_256"; + break; + case TPM_ALG_SHA3_384: + alg = "TPM_ALG_SHA3_384"; + break; + case TPM_ALG_SHA3_512: + alg = "TPM_ALG_SHA3_512"; + break; + default: + alg = "Unknown or invalid Hash"; + } + return alg; + } + +}